Description
WordPress Plugin Contact Form 7 Multi-Step Addon contains malicious code. Exploiting this issue may allow an attacker to create a new administrative user account, thus compromising the affected application and possibly the web server or computer. WordPress Plugin Contact Form 7 Multi-Step Addon versions 1.0.4 - 1.0.5 are affected.
Remediation
Update the plugin to version 1.0.7 or the latest release.
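The following is an added example, not code from the advisory or from the plugin's authors: a defender-side check that reads WordPress plugin headers under a plugins directory and classifies any install of this plugin against the versions stated above. It assumes the plugin's `Plugin Name:` header contains the name as this advisory writes it; the directory names in `demo()` are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the plugin header names the plugin the way this advisory does.
PLUGIN_NAME = "Contact Form 7 Multi-Step Addon"
AFFECTED = ((1, 0, 4), (1, 0, 5))  # affected range from the advisory, inclusive
FIXED = (1, 0, 7)                  # version the advisory says to update to

HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.I | re.M)

def parse_version(text):
    """Turn '1.0.5' into (1, 0, 5); a non-numeric part counts as 0."""
    parts = [int(m.group()) if (m := re.match(r"\d+", p)) else 0 for p in text.split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def classify(version):
    if AFFECTED[0] <= version <= AFFECTED[1]:
        return "AFFECTED"
    if version >= FIXED:
        return "fixed"
    return "review"  # outside the listed range but older than the fixed release

def scan(plugins_dir):
    """Return [(relative path, version string, verdict)] for matching plugins."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top of the file
        fields = {k.lower(): v for k, v in HEADER.findall(head)}
        if PLUGIN_NAME.lower() in fields.get("plugin name", "").lower() and "version" in fields:
            verdict = classify(parse_version(fields["version"]))
            findings.append((str(php.relative_to(plugins_dir)), fields["version"], verdict))
    return findings

def demo():
    """Constructed sample tree: three installs with invented directory names."""
    with tempfile.TemporaryDirectory() as root:
        for slug, ver in (("dir-a", "1.0.5"), ("dir-b", "1.0.6"), ("dir-c", "1.0.7")):
            plugin_dir = Path(root, slug)
            plugin_dir.mkdir()
            (plugin_dir / "plugin.php").write_text(
                f"<?php\n/*\n * Plugin Name: {PLUGIN_NAME}\n * Version: {ver}\n */\n")
        return scan(root)

if __name__ == "__main__":
    for path, ver, verdict in demo():
        print(f"{verdict:9} {ver:8} {path}")
```

Pass a site's `wp-content/plugins` path to `scan()` to check a real install. A site that ever ran an affected version also warrants a review of its administrator accounts, since updating the plugin does not remove an account that was already created.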